ossec-authd
The ossec-authd program can automatically add an agent to a Wazuh manager and provide the key to the agent. The agent-auth application is the client application used with ossec-authd. ossec-authd creates an agent with an IP address of “any” instead of using a specific IP address.
Warning
By default, there is no authentication or authorization involved in this transaction, so it is recommended that this daemon only be run when a new agent is being added.
Option | Description | Default
--- | --- | ---
-V | Version and license message. |
-h | This help message. |
-d | Debug mode. Use this parameter multiple times to increase the debug level. |
-t | Test configuration. |
-f | Run in foreground. |
-i | Use client’s source IP address instead of any. |
-F <time> | Remove old agent with same name or IP if its keepalive has more than the specified number of seconds. |
-F no | Disable force insertion. |
-r | Do not keep removed agents (delete). |
-g <group> | Group to run as. | ossec
-D <dir> | Directory to chroot into. | /var/ossec
-p <port> | Manager port. | 1515
-P | Enable shared password authentication, at /var/ossec/etc/authd.pass or random. |
-c <ciphers> | SSL cipher list. The format of this parameter is described in SSL ciphers. | HIGH:!ADH:!EXP:!MD5:!RC4:!3DES:!CAMELLIA:@STRENGTH
-v <path> | Full path to CA certificate used to verify clients. |
-s | Used with -v, enable source host verification. |
-x <path> | Full path to server certificate. | /var/ossec/etc/sslmanager.cert
-k <path> | Full path to server key. | /var/ossec/etc/sslmanager.key
-a | Auto negotiate the most secure common SSL/TLS method with the client. | TLS v1.2 only (if supported by the server).
-L | Force insertion even though agent limit has been reached. |
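
The warning above says the default invocation performs no authentication. The following shell function is an added example, not part of the Wazuh documentation or code base: it checks an ossec-authd argument list against the options in the table and reports which protections are missing. The function name and the finding labels are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audits an ossec-authd argument list using the options in the
# table above. The finding labels (NO_AUTH, ...) are this example's own names.
audit_authd_args() {
    a_pass=0; a_ca=0; a_host=0; a_srcip=0; a_auto=0; a_limit=0
    OPTIND=1
    # Option string taken from the table; a letter followed by ':' takes a value.
    while getopts ":VhdtfiF:rg:D:p:Pc:v:sx:k:aL" a_opt; do
        case "$a_opt" in
            P) a_pass=1 ;;   # shared password authentication
            v) a_ca=1 ;;     # CA certificate used to verify clients
            s) a_host=1 ;;   # source host verification, used with -v
            i) a_srcip=1 ;;  # register the client's source IP, not "any"
            a) a_auto=1 ;;   # negotiate the SSL/TLS method
            L) a_limit=1 ;;  # insert past the agent limit
            :) echo "MISSING_VALUE -$OPTARG expects a value" ;;
            \?) echo "UNKNOWN_OPTION -$OPTARG is not in the table" ;;
        esac
    done
    if [ "$a_pass" -eq 0 ] && [ "$a_ca" -eq 0 ]; then
        echo "NO_AUTH neither -P nor -v is set, enrollment is unauthenticated"
    fi
    if [ "$a_host" -eq 1 ] && [ "$a_ca" -eq 0 ]; then
        echo "HOSTVERIFY_WITHOUT_CA -s is documented for use with -v, which is missing"
    fi
    if [ "$a_srcip" -eq 0 ]; then
        echo "IP_ANY -i is not set, agents are created with IP address any"
    fi
    if [ "$a_auto" -eq 1 ]; then
        echo "TLS_AUTONEG -a replaces the TLS v1.2 only default with negotiation"
    fi
    if [ "$a_limit" -eq 1 ]; then
        echo "LIMIT_OVERRIDE -L forces insertion past the agent limit"
    fi
    return 0
}

# Constructed command line: foreground, debug, default port, nothing else.
audit_authd_args -f -d -p 1515
```

An empty result means none of the checks fired; it does not validate the certificate, key or password files themselves.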